Solutions for IPv6-based mobility in the EU project MobyDick

Proceedings of the WTC 2002, 18th World Telecommunications Congress, Paris, France, 22 -27 September, 2002.Mobile Internet technology is moving towards a packet-based or, more precisely, IPv6-based network. Current solutions on Mobile IPv6 and other related QoS and AAA matters do not offer the security and quality users have come to take for granted. The EU IST project Moby Dick has taken on the challenge of providing a solution that integrates QoS, mobility and AAA in a heterogeneous access environment. This paper focuses on the mobility part of the project, describes and justifies the handover approach taken, shows how QoS-aware and secure handover is achieved, and introduces the project's paging concept. It shows that a transition to a fully integrated IP-RAN and IP-Backbone has become a distinct option for the future.Publicad

Analysis of intrusion prevention methods

Thesis (Master)--Izmir Institute of Technology, Computer Engineering, Izmir, 2004Includes bibliographical references (leaves: 105-108)Text in English; Abstract: Turkish and Englishviii, 108 leavesToday, the pace of the technological development and improvements has compelled the development of new and more complex applications. The obligatory of application development in a short time to rapidly changing requirements causes skipping of some stages, mostly the testing stage, in the software development cycle thus, leads to the production of applications with defects. These defects are, later, discovered by intruders to be used to penetrate into computer systems. Current security technologies, such as firewalls, intrusion detection systems, honeypots, network-based antivirus systems, are insufficient to protect systems against those, continuously increasing and rapid-spreading attacks. Intrusion Prevention System (IPS) is a new technology developed to block today.s application-specific, data-driven attacks that spread in the speed of communication. IPS is the evolved and integrated state of the existing technologies; it is not a new approach to network security. In this thesis, IPS products of various computer security appliance developer companies have been analyzed in details. At the end of these analyses, the requirements of network-based IPSs have been identified and an architecture that fits those requirements has been proposed. Also, a sample network-based IPS has been developed by modifying the open source application Snort

Network intrusion prevention in the evolved packet core utilising software defined networks and network function virtualisation

Mobile Networks (MNs) are fundamental infrastructures in modern life. As traffic volumes rise and subscriber needs are expanding, MNOs need to adapt in order to keep up with the demand. This has led to MNOs virtualising the Core Network (CN) by utilising Software Defined Networking (SDN) and Network Functions Virtualisation(NFV). The security and reliability of the MN are under higher levels of scrutiny as more traffic and subscribers make use of the MN. As MNs become more popular so do they become more enticing for malicious actors as targets for attacks. The virtualisation of the CN has led to new security issues being introduced such as unused network paths being created for attackers to exploit. This research aims to utilise SDN and NFV to mitigate this issue by only allowing for critical network paths to be traversable in a virtualised CN without triggering alerts and node quarantines. The CN of a MN controls/manages all network traffic flows through the mobile network from User Equipment (UE) to a backhaul network (e.g., the Internet). Flows are streams of data that make use of a network path between two or more nodes within a network. Security has mostly been focussed on defending the perimeter of the CN to prevent unwanted access to the internals of the CN, as well as preventing the UE of subscribers from getting compromised. This perimeter only focus has led to the High Value Assets (HVAs) of the CN being vulnerable to attacks from malicious actors that have gained access to the internal nodes of a CN. Vulnerabilities still exist in the system that could allow for the attacker to compromise a node within the CN. If an attacker were to gain access to a node within the CN then they would be able to manoeuvre throughout the network undetected and unhindered along any and every network path with an HVA being their most likely goal. Therefore a Network Intruder Prevention System (NIPS) is proposed that will limit the paths that are allowed within the CN and detects whenever an attempt is made to traverse a non critical network path. This will greatly increase the probability of an attacker being detected. The NIPS will leverage off of two new network architectures in order to protect the CN’s HVAs. First SDN is leveraged to gain a holistic view of network traffic flows within the CN. SDN allows for network control functions to integrate with a logically centralised controller. The controller also allows for programmatic management of the network which proves to be crucial in detecting, containing and responding to security threats internal to a network. Second is NFV which allows for specific network functions within the CN to be virtualised. With the ability to virtualise the specific nodes within the CN comes the chance to programmatically deploy network functions with the specific goal of security once an anomaly is detected within the network. NFV is selected for this research due to its ability to quickly deploy false instances of the target of a network attack, therefore allowing for comprehensive containment. SDN and NFV create a better environment in which attackers attempting to target a HVA can be mitigated. A SDN based NIPS is proposed that applies strict control rules to the network traffic flows allowed between nodes in the CN. During normal functionality of the CN, only flows that make use of critical network paths are required. If a flow is requested from the SDN controller that is determined to be malicious, then the SDN application is designed to automatically deploy a virtualised decoy version of the intended target, by means of NFV. The controller is then able to redirect malicious flows away from their intended target towards the decoy, effectively quarantining the compromised node therefore mitigating the attacks damage. It is shown that a NIPS with the described functionality would detect, contain and respond to the attackers attempting lateral movement

Automatic Information Exchange in the Early Rescue Chain Using the International Standard Accident Number (ISAN)

Thus far, emergency calls are answered by human operators who interview the calling person in order to obtain all relevant information. In the near future-based on the Internet of (Medical) Things (IoT, IoMT)-accidents, emergencies, or adverse health events will be reported automatically by smart homes, smart vehicles, or smart wearables, without any human in the loop. Several parties are involved in this communication: the alerting system, the rescue service (responding system), and the emergency department in the hospital (curing system). In many countries, these parties use isolated information and communication technology (ICT) systems. Previously, the International Standard Accident Number (ISAN) has been proposed to securely link the data in these systems. In this work, we propose an ISAN-based communication platform that allows semantically interoperable information exchange. Our aims are threefold: (i) to enable data exchange between the isolated systems, (ii) to avoid data misinterpretation, and (iii) to integrate additional data sources. The suggested platform is composed of an alerting, responding, and curing system manager, a workflow manager, and a communication manager. First, the ICT systems of all parties in the early rescue chain register with their according system manager, which tracks the keep-alive. In case of emergency, the alerting system sends an ISAN to the platform. The responsible rescue services and hospitals are determined and interconnected for platform-based communication. Next to the conceptual design of the platform, we evaluate a proof-of-concept implementation according to (1) the registration, (2) channel establishment, (3) data encryption, (4) event alert, and (5) information exchange. Our concept meets the requirements for scalability, error handling, and information security. In the future, it will be used to implement a virtual accident registry

Creating a distributed network traffic analyser

This version is made available in accordance with publisher policies. Please cite only the published version using the reference above. Se

Migration of a cloud-based microservice platform to a container solution

Este trabajo presenta las labores realizadas durante 6 meses de prácticas en Gandi SAS, en el proyecto Caliopen. Caliopen es un proyecto open-source de mensajería orientado a respetar la privacidad de sus usuarios. El objetivo del trabajo es la administración y mejora de la plataforma de mensajería del proyecto, haciéndola evolucionar a una solución estable y escalable. La memoria describe el estudio y la implantación de una solución basada en Kubernetes para la nueva plataforma, desplegada en la plataforma de IaaS de Gandi. En el proceso también se describen las diferentes herramientas y utilidades desarrolladas, así como la solución implementada para monitorizar el sistema

Automation for incorporating assets into monitoring tools

The project consists of an analysis of the different monitoring tools and automation functions in them to find the best tool for incorporating assets. These tools have been tested in a controlled environment to determine their capabilities. It all started with a study of automation needs and a search for monitoring tools. Subsequently, I made the choice of the tool according to established criteria and an adjusted result was obtained, so it was decided to incorporate the second-best option. Then, the configuration and implementation of both were carried out in a controlled environment and a test of both was proposed and executed. Finally, after analyzing and testing the two best options, it has been seen that both Nagios Core and Zabbix have offered similar results, but it has been determined that the best option for implementation in the client network is to meet the established needs is Zabbix.El proyecto consiste en un análisis de las diferentes herramientas de monitorización y funciones de automatización de las mismas para encontrar la mejor herramienta para la incorporación de activos. Estas herramientas se han probado en un entorno controlado para determinar sus capacidades. Todo comenzó con un estudio de necesidades de automatización y una búsqueda de herramientas de monitoreo. Posteriormente, realicé la elección de la herramienta según criterios establecidos y se obtuvo un resultado ajustado, por lo que se decidió incorporar la segunda mejor opción. Luego, se realizó la configuración e implementación de ambas en un ambiente controlado y se propuso y ejecutó un testeo para ambas. Finalmente, tras analizar y testear las dos mejores opciones, se ha visto que tanto Nagios Core como Zabbix han ofrecido resultados similares, pero se ha determinado que la mejor opción de implementación en la red del cliente para cubrir las necesidades establecidas es Zabbix.El projecte consisteix en una anàlisi de les diferents eines de monitorització i funcions d'automatització per trobar la millor eina per a la incorporació d'actius. Aquestes eines s'han provat en un entorn controlat per determinar-ne les capacitats. Tot va començar amb un estudi de necessitats d'automatització i una cerca d'eines de monitorització. Posteriorment, vaig fer l'elecció de l'eina segons criteris establerts i es va obtenir un resultat ajustat, per la qual cosa es va decidir incorporar-hi la segona millor opció. Després, es va realitzar la configuració i implementació de totes dues en un ambient controlat i es va proposar i executar un testeig d'ambdues. Finalment, després d'analitzar i testejar les dues millors opcions, s'ha vist que tant Nagios Core com Zabbix han ofert resultats similars, però s'ha determinat que la millor opció d'implementació a la xarxa del client per cobrir les necessitats establertes és Zabbix